[openssl.org #2495] enable PEM_write_DSAPublicKey
Hi, Is there any reason why PEM_write_DSAPublicKey() is not enabled in pem_all.c? We'd like to use this in OpenSSH. Index: crypto/pem/pem.h === RCS file: /cvs/src/lib/libssl/src/crypto/pem/pem.h,v retrieving revision 1.10 diff -u -p -r1.10 pem.h --- crypto/pem/pem.h1 Oct 2010 22:58:56 - 1.10 +++ crypto/pem/pem.h8 Apr 2011 20:55:11 - @@ -488,6 +488,7 @@ DECLARE_PEM_rw(RSA_PUBKEY, RSA) DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) +DECLARE_PEM_rw_const(DSAPublicKey, DSA) DECLARE_PEM_rw(DSA_PUBKEY, DSA) DECLARE_PEM_rw_const(DSAparams, DSA) Index: crypto/pem/pem_all.c === RCS file: /cvs/src/lib/libssl/src/crypto/pem/pem_all.c,v retrieving revision 1.8 diff -u -p -r1.8 pem_all.c --- crypto/pem/pem_all.c1 Oct 2010 22:58:56 - 1.8 +++ crypto/pem/pem_all.c8 Apr 2011 20:55:11 - @@ -224,6 +224,7 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, } IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) +IMPLEMENT_PEM_rw_const(DSAPublicKey, DSA, PEM_STRING_DSA_PUBLIC, DSAPublicKey) IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) #ifndef OPENSSL_NO_FP_API __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
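Review bot: The request is for PEM_write_DSAPublicKey() only, but both added lines use the rw macro family (DECLARE_PEM_rw_const in pem.h, IMPLEMENT_PEM_rw_const in pem_all.c), so the read side for DSAPublicKey becomes public API as well. If only writing is needed, a write-only form keeps the new surface smaller (the neighbouring context line already uses a write-only macro, IMPLEMENT_PEM_write_cb_const, for DSAPrivateKey); if reading is intended too, say so in the description. The patch touches only pem.h and pem_all.c, so documentation for the new functions is still missing.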
[openssl.org #2366] pkeyutl SEGV
Hi, openssl pkeyutl -peerform will SEGV due to dereferencing the NULL termination of the argv array, here's a fix: Index: pkeyutl.c === RCS file: /cvs/src/lib/libssl/src/apps/pkeyutl.c,v retrieving revision 1.1.1.2 diff -u -p -r1.1.1.2 pkeyutl.c --- pkeyutl.c 1 Oct 2010 22:54:01 - 1.1.1.2 +++ pkeyutl.c 13 Oct 2010 21:27:07 - @@ -119,17 +119,17 @@ int MAIN(int argc, char **argv) if (!strcmp(*argv,-in)) { if (--argc 1) badarg = 1; -infile= *(++argv); +else infile= *(++argv); } else if (!strcmp(*argv,-out)) { if (--argc 1) badarg = 1; - outfile= *(++argv); + else outfile= *(++argv); } else if (!strcmp(*argv,-sigfile)) { if (--argc 1) badarg = 1; - sigfile= *(++argv); + else sigfile= *(++argv); } else if(!strcmp(*argv, -inkey)) { @@ -159,17 +159,17 @@ int MAIN(int argc, char **argv) else if (!strcmp(*argv,-passin)) { if (--argc 1) badarg = 1; - passargin= *(++argv); + else passargin= *(++argv); } else if (strcmp(*argv,-peerform) == 0) { if (--argc 1) badarg = 1; - peerform=str2fmt(*(++argv)); + else peerform=str2fmt(*(++argv)); } else if (strcmp(*argv,-keyform) == 0) { if (--argc 1) badarg = 1; - keyform=str2fmt(*(++argv)); + else keyform=str2fmt(*(++argv)); } #ifndef OPENSSL_NO_ENGINE else if(!strcmp(*argv, -engine)) __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
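Review bot: It is not visible from these hunks whether the -inkey branch (trailing context of the first hunk) and the -engine branch (trailing context of the second) read their argument safely, since both appear only as unchanged context. All six branches fixed here shared one pattern, badarg = 1 followed by an unconditional *(++argv), so please confirm that those two, and any other option in this loop that takes a value, were checked for it as well. A short comment at the top of the loop stating that a value must never be read once badarg is set would help keep new options from reintroducing the NULL dereference.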
[openssl.org #1835] PATCH: typos
typo fixes that have accrued in OpenBSD's import of OpenSSL over the years Index: MacOS/GetHTTPS.src/ErrorHandling.hpp === RCS file: /cvs/src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.hpp,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -p -r1.1.1.1 -r1.2 --- MacOS/GetHTTPS.src/ErrorHandling.hpp5 Sep 2002 12:51:29 - 1.1.1.1 +++ MacOS/GetHTTPS.src/ErrorHandling.hpp26 May 2007 00:36:03 - 1.2 @@ -29,7 +29,7 @@ OSErr AppendErrorMessageToHandle(Handle -// A bunch of evil macros that would be uneccessary if I were always using C++ ! +// A bunch of evil macros that would be unnecessary if I were always using C++ ! #define SetErrorMessageAndBailIfNil(theArg,theMessage) \ { \ Index: crypto/asn1/a_bytes.c === RCS file: /cvs/src/lib/libssl/src/crypto/asn1/a_bytes.c,v retrieving revision 1.1.1.4 retrieving revision 1.8 diff -u -p -r1.1.1.4 -r1.8 --- crypto/asn1/a_bytes.c 6 Sep 2008 12:15:39 - 1.1.1.4 +++ crypto/asn1/a_bytes.c 6 Sep 2008 12:17:48 - 1.8 @@ -79,7 +79,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_ST if (tag = 32) { - i=ASN1_R_TAG_VALUE_TOO_HIGH;; + i=ASN1_R_TAG_VALUE_TOO_HIGH; goto err; } if (!(ASN1_tag2bit(tag) type)) Index: crypto/asn1/t_x509.c === RCS file: /cvs/src/lib/libssl/src/crypto/asn1/t_x509.c,v retrieving revision 1.1.1.5 retrieving revision 1.11 diff -u -p -r1.1.1.5 -r1.11 --- crypto/asn1/t_x509.c9 Jan 2009 12:13:51 - 1.1.1.5 +++ crypto/asn1/t_x509.c9 Jan 2009 12:15:27 - 1.11 @@ -332,7 +332,7 @@ int X509_signature_print(BIO *bp, X509_A int ASN1_STRING_print(BIO *bp, ASN1_STRING *v) { int i,n; - char buf[80],*p;; + char buf[80],*p; if (v == NULL) return(0); n=0; Index: crypto/bn/bntest.c === RCS file: /cvs/src/lib/libssl/src/crypto/bn/bntest.c,v retrieving revision 1.1.1.7 retrieving revision 1.12 diff -u -p -r1.1.1.7 -r1.12 --- crypto/bn/bntest.c 6 Sep 2008 12:15:41 - 1.1.1.7 +++ crypto/bn/bntest.c 6 Sep 2008 12:17:49 - 1.12 
@@ -926,7 +926,7 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx) BN_bntest_rand(b,2+i,0,0); /**/ if (!BN_mod_exp(d,a,b,c,ctx)) - return(00); + return(0); if (bp != NULL) { @@ -1028,7 +1028,7 @@ int test_exp(BIO *bp, BN_CTX *ctx) BN_bntest_rand(b,2+i,0,0); /**/ if (!BN_exp(d,a,b,ctx)) - return(00); + return(0); if (bp != NULL) { Index: crypto/des/times/usparc.cc === RCS file: /cvs/src/lib/libssl/src/crypto/des/times/usparc.cc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -p -r1.1.1.1 -r1.2 --- crypto/des/times/usparc.cc 5 Oct 1998 20:12:45 - 1.1.1.1 +++ crypto/des/times/usparc.cc 29 Mar 2005 17:29:10 - 1.2 @@ -2,7 +2,7 @@ solaris 2.5.1 usparc 167mhz?? - SC4.0 cc For the ultra sparc, SunC 4.0 cc -fast -Xa -xO5, running 'des_opts' gives a speed of 475,000 des/s while 'speed' gives 417,000 des/s. -I belive the difference is tied up in optimisation that the compiler +I believe the difference is tied up in optimisation that the compiler is able to perform when the code is 'inlined'. For 'speed', the DES routines are being linked from a library. I'll record the higher speed since if performance is everything, you can always inline Index: crypto/ripemd/README === RCS file: /cvs/src/lib/libssl/src/crypto/ripemd/README,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -p -r1.1.1.1 -r1.2 --- crypto/ripemd/README5 Oct 1998 20:12:41 - 1.1.1.1 +++ crypto/ripemd/README29 Mar 2005 17:29:10 - 1.2 @@ -4,7 +4,7 @@ http://www.esat.kuleuven.ac.be/~bosselae This is my implementation of RIPEMD-160. The pentium assember is a little off the pace since I only get 1050 cycles, while the best is 1013. I have a few ideas for how to get another 20 or so cycles, but at -this point I will not bother right now. I belive the trick will be +this point I will not bother right now. I believe the trick will be to remove my 'copy X array onto stack' until inside the RIP1() finctions
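Review bot: In the crypto/ripemd/README hunk, the context lines around the belive/believe fix still carry two more misspellings, "assember" (assembler) and "finctions" (functions); since this is a typo sweep, fix them in the same hunk. The remaining changes (the doubled semicolons in a_bytes.c and t_x509.c, return(00) in bntest.c, and the comment and text fixes) are mechanical and do not change behaviour.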
Re: [openssl.org #1831] PATCH: openssl rand -hex
On Sun, 1 Feb 2009, Bodo Moeller via RT wrote:

> [...@mindrot.org - Fr. 30. Jan. 2009, 11:52:17]:
> > This patch adds a -hex option to the rand app. E.g.
> >
> > $ openssl rand -hex 8
> > d203552d5eb39e76
>
> What is the rationale of not having a newline at the end? It's text, after all?

no rationale, just an oversight.

-d
Re: [openssl.org #1831] PATCH: openssl rand -hex
On Sun, 1 Feb 2009, Bodo Moeller via RT wrote:

> > > What is the rationale of not having a newline at the end? It's text, after all?
> >
> > no rationale, just an oversight.
>
> So ... I was going to add the newline while working on the patch, but then it occurred to me as you said this comes from OpenBSD CVS I might be breaking something there. No risk then?

we'll cope ;)

-d
Re: [openssl.org #1831] PATCH: openssl rand -hex
On Sun, 1 Feb 2009, Bodo Moeller via RT wrote:

> > we'll cope ;)
>
> Here's my version of the patch. Let me know if it looks OK for you.

looks good to me

-d
[openssl.org #1831] PATCH: openssl rand -hex
Hi, This patch adds a -hex option to the rand app. E.g. $ openssl rand -hex 8 d203552d5eb39e76 Patch is from Matthieu Herrb (matth...@openbsd.org) via OpenBSD CVS. -d Index: apps/rand.c === RCS file: /cvs/src/lib/libssl/src/apps/rand.c,v retrieving revision 1.1.1.3 retrieving revision 1.6 diff -u -p -r1.1.1.3 -r1.6 --- apps/rand.c 6 Sep 2008 12:15:38 - 1.1.1.3 +++ apps/rand.c 6 Sep 2008 12:17:47 - 1.6 @@ -69,6 +69,7 @@ /* -out file - write to file * -rand file:file - PRNG seed files * -base64 - encode output + * -hex - hex encode output * num - write 'num' bytes */ @@ -84,6 +85,7 @@ int MAIN(int argc, char **argv) char *outfile = NULL; char *inrand = NULL; int base64 = 0; + int hex = 0; BIO *out = NULL; int num = -1; #ifndef OPENSSL_NO_ENGINE @@ -133,6 +135,13 @@ int MAIN(int argc, char **argv) else badopt = 1; } + else if (strcmp(argv[i], -hex) == 0) + { + if (!hex) + hex = 1; + else + badopt = 1; + } else if (isdigit((unsigned char)argv[i][0])) { if (num 0) @@ -148,6 +157,9 @@ int MAIN(int argc, char **argv) badopt = 1; } + if (hex base64) + badopt = 1; + if (num 0) badopt = 1; @@ -161,6 +173,7 @@ int MAIN(int argc, char **argv) #endif BIO_printf(bio_err, -rand file%cfile%c... - seed PRNG from files\n, LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, -base64 - encode output\n); + BIO_printf(bio_err, -hex - hex encode output\n); goto err; } @@ -210,7 +223,13 @@ int MAIN(int argc, char **argv) r = RAND_bytes(buf, chunk); if (r = 0) goto err; - BIO_write(out, buf, chunk); + if (!hex) + BIO_write(out, buf, chunk); + else { + int i; + for (i = 0; i chunk; i++) + BIO_printf(out, %02x, buf[i]); + } num -= chunk; } (void)BIO_flush(out); __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
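Review bot: In the last hunk (@@ -210,7) the new else block declares its own int i, while the option loop earlier in MAIN already indexes argv[i], so the inner declaration shadows the outer variable; reuse the existing i or give the loop counter another name. The same block writes only the %02x digits, so hex output ends without a line terminator; a single newline written once after the generation loop, before BIO_flush, and only when hex is set would make the output well-formed text. The BIO_printf calls in the loop are also unchecked, so a failed write to -out goes unnoticed, which matches the existing BIO_write call but is worth tightening while this code is being touched.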
[openssl.org #1832] PATCH: force IPv4/IPv6 for s_client
Hi, This diff changes the s_client and s_server apps to use getaddrinfo for address parsing rather than manual IPv4 parsing and gethostbyname. This allows specification of port by name: openssl s_client -connect bugzilla.mindrot.org:https But the main point is to support IPv6. You can now specify an IPv6 address explicitly (using '/' as a port separator to avoid ambiguity) or use DNS names with IPv6 A records listed. s_client gets new -4 and -6 options to force the issue when a host resolves to both IPv4 and IPv6 addresses. diff is against 0.9.8j, it has been in OpenBSD for a couple of years now. -d Index: apps/s_apps.h === RCS file: /cvs/src/lib/libssl/src/apps/s_apps.h,v retrieving revision 1.1.1.4 retrieving revision 1.8 diff -u -p -r1.1.1.4 -r1.8 --- apps/s_apps.h 6 Sep 2008 12:15:38 - 1.1.1.4 +++ apps/s_apps.h 6 Sep 2008 12:20:16 - 1.8 @@ -156,10 +156,10 @@ int MS_CALLBACK verify_callback(int ok, int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); #endif -int init_client(int *sock, char *server, int port, int type); +int init_client(int *sock, char *server, char *port, int type, int af); int should_retry(int i); int extract_port(char *str, short *port_ptr); -int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); +int extract_host_port(char *str,char **host_ptr,unsigned char *ip,char **p); long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); Index: apps/s_client.c === RCS file: /cvs/src/lib/libssl/src/apps/s_client.c,v retrieving revision 1.1.1.8 diff -u -p -r1.1.1.8 s_client.c --- apps/s_client.c 9 Jan 2009 12:13:49 - 1.1.1.8 +++ apps/s_client.c 30 Jan 2009 03:45:08 - @@ -109,6 +109,8 @@ * */ +#include sys/types.h +#include netinet/in.h #include assert.h #include stdio.h #include stdlib.h 
@@ -192,6 +194,8 @@ static void sc_usage(void) { BIO_printf(bio_err,usage: s_client args\n); BIO_printf(bio_err,\n); + BIO_printf(bio_err, -4- Force IPv4\n); + BIO_printf(bio_err, -6- Force IPv6\n); BIO_printf(bio_err, -host host - use -connect instead\n); BIO_printf(bio_err, -port port - use -connect instead\n); BIO_printf(bio_err, -connect host:port - who to connect to (default is %s:%s)\n,SSL_HOST_NAME,PORT_STR); @@ -289,12 +293,12 @@ int MAIN(int argc, char **argv) int off=0; SSL *con=NULL,*con2=NULL; X509_STORE *store = NULL; - int s,k,width,state=0; + int s,k,width,state=0, af=AF_UNSPEC; char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; int cbuf_len,cbuf_off; int sbuf_len,sbuf_off; fd_set readfds,writefds; - short port=PORT; + char *port=PORT_STR; int full_log=1; char *host=SSL_HOST_NAME; char *cert_file=NULL,*key_file=NULL; @@ -391,8 +395,8 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,-port) == 0) { if (--argc 1) goto bad; - port=atoi(*(++argv)); - if (port == 0) goto bad; + port= *(++argv); + if (port == NULL || *port == '\0') goto bad; } else if (strcmp(*argv,-connect) == 0) { @@ -578,6 +582,8 @@ int MAIN(int argc, char **argv) if (--argc 1) goto bad; inrand= *(++argv); } + else if (strcmp(*argv,-4) == 0) { af = AF_INET;} + else if (strcmp(*argv,-6) == 0) { af = AF_INET6;} #ifndef OPENSSL_NO_TLSEXT else if (strcmp(*argv,-servername) == 0) { @@ -795,7 +801,7 @@ bad: re_start: - if (init_client(s,host,port,sock_type) == 0) + if (init_client(s,host,port,sock_type,af) == 0) { BIO_printf(bio_err,connect:errno=%d\n,get_last_socket_error()); SHUTDOWN(s); Index: apps/s_socket.c === RCS file: /cvs/src/lib/libssl/src/apps/s_socket.c,v retrieving revision 1.1.1.6 diff -u -p -r1.1.1.6 s_socket.c --- apps/s_socket.c 6 Sep 2008 12:15:39 - 1.1.1.6 +++ apps/s_socket.c 30 Jan 2009 03:45:08 - 
@@ -96,11 +96,9 @@ static struct hostent *GetHostByName(cha static void ssl_sock_cleanup(void); #endif static int ssl_sock_init(void); -static int init_client_ip(int *sock,unsigned char ip[4], int port, int type); static int init_server(int *sock, int port, int type); static int init_server_long(int *sock, int port,char *ip, int type); static int do_accept(int acc_sock, int
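Review bot: The s_apps.h hunk converts init_client() and extract_host_port() to a string port but leaves extract_port(char *str, short *port_ptr) as unchanged context, and the s_socket.c hunk likewise keeps init_server() and init_server_long() on int port, so the code now carries two port representations. If service names such as https are meant to work everywhere a port is accepted, convert these too; otherwise state in the description that only the client connect path takes names. In the s_client.c option parsing, -4 and -6 each assign af unconditionally, so giving both silently lets the last one win; rejecting the combination as a bad option would be clearer.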
Re: [openssl.org #1089] test report for OpenBSD -current
Richard Levitte via RT wrote:

> [EMAIL PROTECTED] - Mon Jun 6 07:15:40 2005]:
> > Richard Levitte via RT wrote:
> > > Thanks for the positive report! Apropos the 'test skipped' stuff, I'm not sure why skipping tests on unbuilt algorithms is self-defeating.
> >
> > It didn't skip only the tests on unbuilt algorithms, it skipped *all* the tests.
>
> Ah, good point. I jumped to conclusions too fast, it seems. Sorry about that. I just committed a change, but unfortunately, it's a little late to get it into beta4. Would you be willing to test tomorrow's snapshot (openssl-0.9.8-stable-SNAP-20050607.tar.gz), to ensure it does the right thing before beta5?

sorry for not getting back sooner, but beta5 works fine.

-d
Re: [openssl.org #1089] test report for OpenBSD -current
Richard Levitte via RT wrote:

> Thanks for the positive report! Apropos the 'test skipped' stuff, I'm not sure why skipping tests on unbuilt algorithms is self-defeating.

It didn't skip only the tests on unbuilt algorithms, it skipped *all* the tests.

> Anyway, I'm resolving this ticket.
>
> [EMAIL PROTECTED] - Wed Jun 1 10:10:50 2005]:
> > Hi,
> >
> > Here is a testlog for OpenBSD -current. We probably won't get around to integrating 0.9.8 until after OpenBSD-3.8 is released.
> >
> > I hacked the 'test skipped' stuff out of util/selftest.pl - I think skipping tests because of no-mdc2 and no-rc5 is somewhat self-defeating
> >
> > -d
> >
> > OpenSSL self-test report:
> >
> > OpenSSL version: 0.9.8-beta3
> > Last change: Correct naming of the 'chil' and '4758cca' ENGINEs. Thi...
> > Options: 386 no-gmp no-krb5 no-mdc2 no-rc5 no-shared no-sse2 no-zlib no-zlib-dynamic
> > OS (uname): OpenBSD baragon.mindrot.org 3.7 BARAGON#26 i386
> > OS (config): i386-whatever-openbsd
> > Target (default): BSD-x86-elf
> > Target: BSD-x86-elf
> > Compiler: Configured with:
> > Thread model: single
> > gcc version 3.3.5 (propolice)
> >
> > Test passed.
[openssl.org #1089] test report for OpenBSD -current
Hi,

Here is a testlog for OpenBSD -current. We probably won't get around to integrating 0.9.8 until after OpenBSD-3.8 is released.

I hacked the 'test skipped' stuff out of util/selftest.pl - I think skipping tests because of no-mdc2 and no-rc5 is somewhat self-defeating

-d

OpenSSL self-test report:

OpenSSL version: 0.9.8-beta3
Last change: Correct naming of the 'chil' and '4758cca' ENGINEs. Thi...
Options: 386 no-gmp no-krb5 no-mdc2 no-rc5 no-shared no-sse2 no-zlib no-zlib-dynamic
OS (uname): OpenBSD baragon.mindrot.org 3.7 BARAGON#26 i386
OS (config): i386-whatever-openbsd
Target (default): BSD-x86-elf
Target: BSD-x86-elf
Compiler: Configured with:
Thread model: single
gcc version 3.3.5 (propolice)

Test passed.